ID de Prueba:	1.3.6.1.4.1.25623.1.1.4.2016.2210.1
Categoría:	SuSE Local Security Checks
Título:	SUSE: Security Advisory (SUSE-SU-2016:2210-1)
Resumen:	The remote host is missing an update for the 'php53' package(s) announced via the SUSE-SU-2016:2210-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php53' package(s) announced via the SUSE-SU-2016:2210-1 advisory. Vulnerability Insight: This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Affected Software/OS: 'php53' package(s) on SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3587 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 69325 http://www.securityfocus.com/bid/69325 Debian Security Information: DSA-3008 (Google Search) http://www.debian.org/security/2014/dsa-3008 Debian Security Information: DSA-3021 (Google Search) http://www.debian.org/security/2014/dsa-3021 RedHat Security Advisories: RHSA-2014:1326 http://rhn.redhat.com/errata/RHSA-2014-1326.html RedHat Security Advisories: RHSA-2014:1327 http://rhn.redhat.com/errata/RHSA-2014-1327.html RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2016:0760 http://rhn.redhat.com/errata/RHSA-2016-0760.html http://secunia.com/advisories/60609 http://secunia.com/advisories/60696 http://www.ubuntu.com/usn/USN-2344-1 http://www.ubuntu.com/usn/USN-2369-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3587 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 BugTraq ID: 91904 http://www.securityfocus.com/bid/91904 https://security.gentoo.org/glsa/201610-08 https://security.gentoo.org/glsa/201701-43 RedHat Security Advisories: RHSA-2016:1458 https://access.redhat.com/errata/RHSA-2016:1458 RedHat Security Advisories: RHSA-2016:1475 https://access.redhat.com/errata/RHSA-2016:1475 http://www.securitytracker.com/id/1036365 SuSE Security Announcement: SUSE-SU-2016:2012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html SuSE Security Announcement: openSUSE-SU-2016:1979 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html SuSE Security Announcement: openSUSE-SU-2016:2051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html http://www.ubuntu.com/usn/USN-3043-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5399 BugTraq ID: 92051 http://www.securityfocus.com/bid/92051 Bugtraq: 20160721 CVE-2016-5399: php: out-of-bounds write in bzread() (Google Search) http://www.securityfocus.com/archive/1/538966/100/0/threaded Debian Security Information: DSA-3631 (Google Search) http://www.debian.org/security/2016/dsa-3631 https://www.exploit-db.com/exploits/40155/ http://seclists.org/fulldisclosure/2016/Jul/72 http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html http://www.openwall.com/lists/oss-security/2016/07/21/1 RedHat Security Advisories: RHSA-2016:2598 http://rhn.redhat.com/errata/RHSA-2016-2598.html RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1036430 Common Vulnerability Exposure (CVE) ID: CVE-2016-6288 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 92111 http://www.securityfocus.com/bid/92111 http://openwall.com/lists/oss-security/2016/07/24/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-6289 BugTraq ID: 92074 http://www.securityfocus.com/bid/92074 https://security.gentoo.org/glsa/201611-22 http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities Common Vulnerability Exposure (CVE) ID: CVE-2016-6290 BugTraq ID: 92097 http://www.securityfocus.com/bid/92097 Common Vulnerability Exposure (CVE) ID: CVE-2016-6291 BugTraq ID: 92073 http://www.securityfocus.com/bid/92073 Common Vulnerability Exposure (CVE) ID: CVE-2016-6296 BugTraq ID: 92095 http://www.securityfocus.com/bid/92095 https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html http://www.ubuntu.com/usn/USN-3059-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-6297 BugTraq ID: 92099 http://www.securityfocus.com/bid/92099
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.